05-17-2006 12:08 PM - edited 07-04-2021 12:06 PM
Hello All,
I'm doing some initial configuration testing for mobile IP. I've managed to get an initial configuration on my home agent and test client (let's just say it's a laptop w/ WinXP for now). For the moment, I've been successful with establishing a tunnel with my client when I'm inside our enterprise network, but it's failing when I connect my client to a public network and have to traverse our firewall.
When I enable debug ip mobile, this is the output I get:
00:10:26: MobileIP: ParseRegExt type NAI(131) addr 61C496C end 61C49A0
00:10:26: MobileIP: ParseRegExt skipping 20 to next
00:10:26: MobileIP: ParseRegExt type UDPTUNREQE(144) addr 61C4982 end 61C49A0
00:10:26: MobileIP: Parsing UDP Tunnel Request Extension - length 6
00:10:26: MobileIP: ParseRegExt skipping 6 to next
00:10:26: MobileIP: ParseRegExt type MHAE(32) addr 61C498A end 61C49A0
00:10:26: MobileIP: ParseRegExt skipping 20 to next
00:10:26: MobileIP: FA rcv registration for MN sean.daly@xxx.com on FastEthernet0/1 using COA 69.151.57.71 HA 205.142.239.229 lifetime 600 options sbDmg-T- identification C815F6702900236Eg a
00:10:26: MobileIP: Registration request in for MN sean.daly@xxx.com but no FA service (no care-of address), ignoredll
Please make note that I do not have the luxury of a Foreign Agent, just a Home Agent and Mobile node, which I understand is doable.
So far, this is my home agent config:
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname mokc2w9rtr11
!
boot-start-marker
boot system flash c3640-ik9s-mz.124-7a.bin
boot-end-marker
!
**snip**
interface Loopback0
ip address 172.31.5.1 255.255.255.255
!
interface FastEthernet0/0
shutdown
!
interface FastEthernet0/1
ip address 170.231.x.x.255.248.0
speed 100
full-duplex
!
router mobile
!
router eigrp 1
redistribute mobile
network 170.231.0.0
no auto-summary
!
ip local pool ha-pool 172.31.x.x.31.5.250
no ip http server
no ip http secure-server
!
!
ip mobile home-agent nat traversal keepalive 15 forced accept
ip mobile home-agent
ip mobile host nai sean.daly@xxx.com address pool local ha-pool virtual-network 172.31.5.0 255.255.255.0
ip mobile secure host nai sean.daly@xxx.com spi 100 key hex 00000000000000000000000000000000 algorithm hmac-md5
!
**snip**
... and here's my client config. . .
#CiscoSystems
Version = 11.0
profile
profile-header
id = main1
key-version = 2.3
ack-id = 0
disable-protection = false
device-mode = false
end-profile-header
mobile-ip
local-ip-address = 0.0.0.0
local-subnet = 255.255.255.0
local-default-gateway = 172.31.5.1
nai = sean.daly@xxx.com
dns-server-list
address = 170.x.18.129
end-dns-server-list
dns-suffix-list
domain = na.ad.utilicorp.com
end-dns-suffix-list
passthru = false
broadcast-on = false
broadcast-on-ppp = false
enable-dynamic-ha = false
initial-re-registration-time = 4
re-registration-minimal-time = 30
re-registration-threshold = 90
colocated-registration-time = 600
AAA-authenticate-always = false
wait-colocated-time = 2
force-reverse-tunneling = dont
solicitation-address = 224.0.0.2
registration-mode-classical
home-agent-external-address = 205.x.x.229
home-agent-internal-address = 172.31.5.1
end-registration-mode-classical
security-association
remote-end = HA
security-context
spi = 0x100
algorithm-identifier = HMAC-MD5
key = 00000000000000000000000000000000
replay-protection-method = timestamp
end-security-context
end-security-association
trusted-fa-list
0.0.0.0
end-trusted-fa-list
home-subnet
network
address = 170.231.0.0
mask = 255.255.0.0
end-network
end-home-subnet
end-mobile-ip
Thanks.
05-23-2006 08:23 AM
You need to verify whether the firewall allows you to access the outside network.
05-23-2006 12:34 PM
Yes it does, and I'm fairly sure that the appropriate access is given (UDP/434) through the firewall given the home agent is at least seeing the RRQ. The debug message stated the FA wasn't available, so why doesn't it use the colocated COA that it gets from the mobile node? Is there a configuration option on the HA to force use of a colocated COA instead of a foreign agent?
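The debug trace in the first post walks the registration request's extensions (NAI 131, UDP tunnel request 144, MHAE 32) and prints its flag string. The Python below is an added example, not code from this thread or from Cisco: it parses a Mobile IPv4 registration request the same way and checks the MN-HA authenticator with HMAC-MD5 as RFC 3344 defines it. The packet, key, addresses and NAI are constructed sample values, and `ext`, `build_rrq` and `parse_rrq` are hypothetical helper names.

```python
import hashlib, hmac, ipaddress, struct

FLAGS = "SBDMGrTx"  # RFC 3344 flag bits, MSB first; D = co-located COA, T = reverse tunnel
EXT = {32: "MHAE", 131: "NAI", 144: "UDPTUNREQE"}  # labels as printed in the debug

def ext(etype, body):
    return bytes([etype, len(body)]) + body  # type, length, data

def build_rrq(flags, lifetime, home, ha, coa, ident, nai, spi, key):
    """Build a sample RRQ; used here only to produce constructed input."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    pkt = struct.pack("!BBH4s4s4s8s", 1, flags, lifetime, ip(home), ip(ha), ip(coa), ident)
    pkt += ext(131, nai.encode()) + ext(144, bytes([0, 0, 0, 4, 0, 0]))  # 6-byte body
    pkt += bytes([32, 20]) + struct.pack("!I", spi)        # MHAE type, length, SPI
    return pkt + hmac.new(key, pkt, hashlib.md5).digest()  # MAC covers all bytes so far

def parse_rrq(pkt, keys):
    """Walk the RRQ extension by extension; keys maps SPI -> shared key."""
    if len(pkt) < 24 or pkt[0] != 1:
        raise ValueError("not a registration request")
    _, flags, lifetime, home, ha, coa, ident = struct.unpack_from("!BBH4s4s4s8s", pkt)
    info = {"flags": "".join(n for i, n in enumerate(FLAGS) if flags & (0x80 >> i)),
            "lifetime": lifetime, "coa": str(ipaddress.IPv4Address(coa)),
            "ha": str(ipaddress.IPv4Address(ha)), "exts": [], "auth_ok": False}
    off = 24
    while off < len(pkt):
        if off + 2 > len(pkt):
            raise ValueError("truncated extension header")
        etype, end = pkt[off], off + 2 + pkt[off + 1]
        if end > len(pkt):
            raise ValueError("extension length overruns packet")
        body = pkt[off + 2:end]
        info["exts"].append(EXT.get(etype, str(etype)))
        if etype == 131:
            info["nai"] = body.decode("ascii", "replace")
        elif etype == 32 and len(body) == 20:  # 4-byte SPI + 16-byte MD5 output
            key = keys.get(struct.unpack("!I", body[:4])[0])
            # HMAC-MD5 over everything up to and including this extension's SPI
            want = hmac.new(key, pkt[:off + 6], hashlib.md5).digest() if key else b""
            info["auth_ok"] = hmac.compare_digest(want, body[4:])
        off = end
    return info

KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
SAMPLE = build_rrq(0x22, 600, "0.0.0.0", "192.0.2.1", "198.51.100.7",
                   bytes(8), "user@example.com", 0x100, KEY)  # constructed packet
if __name__ == "__main__":
    print(parse_rrq(SAMPLE, {0x100: KEY}))
```

The sample sets the D and T bits, which correspond to the uppercase D and T in the debug's `sbDmg-T-` options string. Because the authenticator covers the fixed header, changing the care-of address in transit makes `auth_ok` false.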